
Certificate is present in the cacerts file, but an SSL exception is thrown


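I have 2 applications installed on 2 different servers: (1) an admin server hosted in GlassFish and (2) a batch server (a standalone Java application). Both applications use a common Java program (in the form of a jar file) to call an external server. I am using 'CloseableHttpClient' to connect to that external third-party server. From my server one (GlassFish) I am able to call the external server and get a response, but the same program on the batch server throws the SSL exception below.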

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)
    at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
    at com.csid.sms.util.postup.PostUpRestClient.executeRequest(PostUpRestClient.java:169)
    at com.csid.sms.util.postup.PostUpRestClient.executeJsonPost(PostUpRestClient.java:134)
    at com.csid.sms.util.postup.PostUpRestClient.executeJsonRequest(PostUpRestClient.java:106)
    at com.csid.sms.util.postup.PostUpEmailRoute.triggerMessage(PostUpEmailRoute.java:213)
    at itm.monitor.SummaryEmailPostupRoute.triggerMessage(SummaryEmailPostupRoute.java:154)
    at com.csid.sms.messaging.MessagingHandler.triggerMessage(MessagingHandler.java:60)
    at itm.monitor.SummaryEmailRoute.sendEmail(SummaryEmailRoute.java:49)
    at itm.monitor.BatchEmailProcessor.sendEmail(BatchEmailProcessor.java:105)
    at itm.monitor.BatchEmailProcessor.call(BatchEmailProcessor.java:51)
    at itm.monitor.BatchEmailProcessor.call(BatchEmailProcessor.java:33)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
    at java.lang.Thread.run(Thread.java:662)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
    ... 37 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
    ... 43 more

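Note - this exception is thrown only from the batch server, not from the admin server (hosted in GlassFish).

After googling this error I found that the certificate obtained from the external server may not have been issued by a trusted authority, so I imported the certificate using 'installCert' (this java program).

Now verifying the certificate in cacerts using the keytool command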

keytool -list -keystore cacerts

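I can see the external certificate listed in the trusted certificate list. But I still get the above SSL exception.

Any ideas? Why do I not get any kind of SSL exception from the admin server (GlassFish), which is also using the same Java code? Does GlassFish import certificates automatically like a browser?

2 Answers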

  • 0

    Your batch program and admin application may behave differently because they use different JREs. Each JRE has its own cacerts.

  • 0

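    You need to verify that the JRE is actually using the truststore into which the certificate was imported.
    Add the JVM runtime argument "-Djavax.net.debug=all" and restart the server. This will print the truststore loaded by the JVM at server startup.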
